[Openid-specs-ab] Session management and third party cookies

Torsten Lodderstedt torsten at lodderstedt.net
Thu Aug 16 17:25:03 UTC 2012


Hi all,

according to one of our develpers, at least Safari is blocking such 
cookies only if they were not created as a result of some user 
interaction, e.g. a form post.

regards,
Torsten.



Am 14.08.2012 14:37, schrieb John Bradley:
> So I take it that this is not about blocking what we would think of as a normal 3rd party cookie.
>
> The Browsers are also trying to block sneaky ways that people are using to get around 3rd party cookie blocking.
>
> We are getting caught in that basket because the IdP iframe is invoked from the RP iframe.
>
> Any Ideas?
>
> On 2012-08-14, at 7:22 AM, Nat Sakimura wrote:
>
>> Latest Safari on iOS 5.1.1 and Mountain Lion.
>>
>> =nat via iPhone
>>
>> On Aug 14, 2012, at 9:11 PM, Chuck Mortimore <cmortimore at salesforce.com> wrote:
>>
>>> Latest versions of Safari just got far more aggressive about this, so I'd report what version of Safari you were on.
>>>
>>> -cmort
>>>
>>> On Aug 13, 2012, at 6:36 PM, Nat Sakimura wrote:
>>>
>>>> I did a little bit of checking on the relationships between the
>>>> Session management spec and third party cookies.
>>>>
>>>> In short, it varies.
>>>> In Safari and older Chrome, it works.
>>>>
>>>> In Chrome after v.17(?), if the user sets the block third party
>>>> cookies option, it does not.
>>>>
>>>> I have not tested IE.
>>>>
>>>> Nat Sakimura
>>>> _______________________________________________
>>>> Openid-specs-ab mailing list
>>>> Openid-specs-ab at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab



More information about the Openid-specs-ab mailing list